[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Intel ME / AMT + NSL vs Tor Nodes

To: tor-talk@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-talk] Intel ME / AMT + NSL vs Tor Nodes
From: Milton Scritsmier <ktr-theonionrouter@xxxxxxxxxxxxxxx>
Date: Sun, 18 Dec 2016 03:22:21 -0700
Authentication-results: smtp01.agate.dfw.synacor.com smtp.user=mscritsm@xxxxxxxxxxxxxxx; auth=pass (LOGIN)
Delivered-to: archiver@xxxxxxxx
Delivery-date: Sun, 18 Dec 2016 05:22:43 -0500
In-reply-to: <ef5daec3420c95d30751295ba62a746a.webmail@localhost>
List-archive: <http://lists.torproject.org/pipermail/tor-talk/>
List-help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-id: "all discussion about theory, design, and development of Onion Routing" <tor-talk.lists.torproject.org>
List-post: <mailto:tor-talk@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
References: <CAD2Ti2-o6stvGEVB8exdPKPZztdEVXif+esRx5YKw6=EH1qYLA@mail.gmail.com> <06644443913d1e6dca1b8bb2c14343d3.webmail@localhost> <20161218030837.45d8837b@natsu> <cf39e040-77c8-1059-e9b2-3d9e8f984564@gmx.com> <ef5daec3420c95d30751295ba62a746a.webmail@localhost>
Reply-to: tor-talk@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-talk" <tor-talk-bounces@xxxxxxxxxxxxxxxxxxxx>
User-agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:45.0) Gecko/20100101 Thunderbird/45.5.1
X_cmae_category: , ,

On 12/17/2016 3:58 PM, podmo wrote:


Agree Intel needs to do a much better job documenting the capabilities,

The most detailed documentation Intel has issued on the ME is probablythe 2014 book "Platform Embedded Security Technology Revealed" by Dr.Xiaoyu Ruan, who is an Intel employee who has a major role in designingsoftware for the ME. It's not really a ME design document so much as abook about designing hardware/software secure platforms that uses the MEas an example and goes into some detail about its design.

Not all Intel chipsets support AMT (check Intel's website for which onesdo, but most consumer PC/laptop chipsets don't), and for every versionof ME firmware there are two releases, one for chipsets with AMT supportand one for chipsets without. Chipsets which support AMT can have the MEfirmware updated remotely if it's signed properly and the AMT passwordis entered or bypassed somehow. Chipsets without AMT support cannot beupdated remotely AFAIK.

If somebody got their hands on the Intel ME toolset and private signingkeys they could create a custom version of ME firmware that could dojust about anything, including accessing almost all the PC's RAM at anytime. But getting it on the machine is the trick. Without AMT support itwould require physical access to the machine, but then you can do justabout anything anyway with physical access.

Could always use a third party NIC instead of the
onboard one too.


Yes.


--
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Follow-Ups:
- Re: [tor-talk] Intel ME / AMT + NSL vs Tor Nodes
  - From: podmo

References:
- [tor-talk] Intel ME / AMT + NSL vs Tor Nodes
  - From: grarpamp
- Re: [tor-talk] Intel ME / AMT + NSL vs Tor Nodes
  - From: podmo
- Re: [tor-talk] Intel ME / AMT + NSL vs Tor Nodes
  - From: Roman Mamedov
- Re: [tor-talk] Intel ME / AMT + NSL vs Tor Nodes
  - From: Joe Btfsplk
- Re: [tor-talk] Intel ME / AMT + NSL vs Tor Nodes
  - From: podmo

Prev by Author: [tor-talk] OONI & Sinar Project Report: The State of Internet Censorship in Malaysia
Next by Author: Re: [tor-talk] Tor and iptables.
Previous by thread: Re: [tor-talk] Intel ME / AMT + NSL vs Tor Nodes
Next by thread: Re: [tor-talk] Intel ME / AMT + NSL vs Tor Nodes
Index(es):
- Author
- Thread